Customer’s personal data belongs to the restricted information group, which must be protected by appropriate technological and professional measures to prevent unauthorized access and disclosure.
Employees participating in data entry, inspection, administration, storage, receipt and transfer of customers’ personal data must sign a confidentiality agreement with the Company, and be trained and tested on awareness about regulations and security measures for customers’ personal data.
Data entry, inspection, administration, storage, reception and transfer of customers’ personal data are decentralized and access controlled in accordance with the function; be appropriately monitored to detect and prevent unauthorized activities.
For customer personal data stored at the company, it is divided into many small pieces before processing. Employees will not have all personal information on one image. After the processing is complete, the personal data on the employees’ machine will be automatically deleted by the Company’s software.
For customer personal data processed directly on the customer’s system, employees involved in the processing are not allowed to backup, take screenshots and use for other purposes.
The backup copies of customer’s personal data (if any) are password protected against access and kept in a safe location (device) at the company against unauthorized access. We do not use the cloud to store customer information. The storage time of these backups depends on the agreement with the customer. At the end of the retention period, backup copies of the customer’s personal data and the original data must be completely erased (unrecoverable) from the Company’s devices and storage media.